JP2004508612A - Authentication / payment card for automatically updating user number, authentication / payment system using the same, and method thereof - Google Patents

Abstract

A user ID is automatically updated after a transaction is performed so that exposure of credit information can be fundamentally solved, and a different number is used in a next transaction, and a card user ID is used. An authentication / payment card that can protect a card user even if it is obtained by an unauthorized method and can also perform a user authentication function, and an authentication / payment using such an authentication / payment card. A system and method for enabling a payment service is provided.
The present invention provides an authentication / payment card in which a card user number is automatically updated, a payment system using the card, and a method thereof. First, the buyer receives the card user number through the payment card, and the payment card provides the card user number only when the entered password matches a previously stored password, or If the number is encrypted, the encrypted card user number is decrypted and provided using the input password. Next, when a payment for the above-mentioned authentication number or card user number is requested from a merchant transaction system (such as a shopping mall), the authentication / card system receives authentication / payment approval for the card user number and conducts business transactions. Transmit to the system so that the business transaction is finally done. Then, the authentication / settlement system changes the card user number to a new number and transmits it to the buyer's settlement card, so that at the next transaction, the authentication / transaction is performed using the new card user number. To Therefore, by making another card user number available for the next authentication / transaction, the card user can be protected fundamentally even if the card user number is obtained in an unauthorized manner. There is.

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to an authentication / payment card in which a user number is automatically updated, an authentication / payment system using the same, and a method thereof, and more particularly, to a new use updated every time a connection or transaction is made. The present invention relates to an authentication / payment card made using a user number, a system and a method for providing a payment service using such an authentication / payment card.
[0002]
[Prior art]
Recently, e-commerce has emerged as a new sense of economic activity overcoming time and space constraints due to the development of information and communication technology and the explosive spread of globally-based communication infrastructure such as the Internet. As a result, countries around the world are promoting the activation of e-commerce as a core means to enhance national competitiveness, and the Internet is now free from the concept of 'sea of information' and becomes a 'business fierce battlefield' without borders. I have.
[0003]
The definition of electronic commerce (EC) can be determined in various ways from various viewpoints. However, all commercial transactions that buy and sell goods and services between individuals, companies, governments, and other economic entities in cyber space such as the Internet. It is common to make a series of actions and definitions, including activities that support them.
[0004]
The biggest advantage of such e-commerce is that there are no time and space restrictions, so there is no need to go directly to the counter, there are almost no distribution costs, building rents, inventory costs, etc., and all Internet subscribers worldwide Is a metaphor for advanced gold fishing grounds because it is a potential customer. In addition, e-commerce is a core means of providing efficiency and transparency in the first half of the economy by reducing the distribution stage, greatly reducing transaction costs, and recording and managing all transaction details by computer. .
[0005]
However, the progress of e-commerce in South Korea is insignificant, apart from the current state of e-commerce usage worldwide, where the Internet is the main focus.
[0006]
There are various reasons why the use of e-commerce is insignificant as described above. When conducting e-commerce (non-face-to-face transactions) on the Internet where customers and shops do not physically meet, trust through open networks such as the Internet Electronic payment systems that transmit card information are more conservative than Westerners, and users in regions where the use of cash has been valued are concerned about the exposure of personal credit information. This can be pointed out as a major reason.
[0007]
In fact, the biggest problem with e-commerce is to protect credit information efficiently. To this end, various forms of payment methods such as a prepaid card type, a credit card type, a deposit transfer type, and an electronic cash type are used, but fundamental user protection is not available. This is possible.
[0008]
Currently, there is an attempt to standardize and enhance electronic payment security technology as a solution to the problem of user information security related to e-commerce activation, but this also exposes credit card user numbers when using e-commerce. Is not a fundamental solution.
[0009]
FIG. 1 illustrates an online shopping mall purchasing process using a Secure Electronic Transaction (SET) method in connection with a standardization method of electronic payment security technology.
[0010]
When attempting an existing e-commerce transaction, the user connects to the shopping mall, fills in the order form on the browser with the product name and credit card number, etc., applies for purchase, and the credit card number and order form are keyed. The encrypted order is transmitted to the shopping mall operator (104), and the order form thus encrypted and transmitted is decrypted using the corresponding decryption key at the shopping mall site (106), and is encrypted. The credit card number is a credit card company (in some cases, it may be a VAN business operator, in which case, questions about approval may be transmitted to the credit card company via a VAN or PG (Payment Gateway) business). It is transmitted to the side and requests approval (108).
[0011]
The credit card company receiving the approval request in connection with the deposit limit, etc., decrypts the credit card number using the decryption key corresponding to the encryption key and obtains the credit card number (110). Then, it searches for the deposit-related information for this number and transmits the result of the approval request to the shopping mall company (112).
[0012]
In the shopping mall, a series of electronic commerce is performed by displaying information on the completion or non-transaction of the transaction to the buyer according to the result of the approval request (116).
[0013]
As can be seen from FIG. 1, data is always encrypted in order to exchange a purchase order or credit card number in which personal information is described via the Internet. However, there is also a problem in privacy from the fact that personal information is unnecessarily known to unrelated institutions, so from this viewpoint only shopping malls use encrypted order forms, and only credit card companies Use a scheme that allows the encrypted credit card number to be decrypted.
[0014]
However, in addition to the measures for enhancing the security of personal information from such a viewpoint, a separate measure must be provided for hacking or when a credit card number is learned in an incorrect manner.
[0015]
On the other hand, FIG. 2 is a diagram illustrating an example in which electronic commerce through the Internet encounters a hack. Assuming that an individual PC 202 is used at home, company, personal computer, or the like to purchase goods through electronic commerce or to attempt personal computer banking, information to be transmitted is transmitted to an e-commerce company or a server 204 such as a bank using a dedicated line. However, if the information is transmitted through a network other than the Internet (eg, the Internet), it may be exposed to the third party 206 through the network.
[0016]
Next, in connection with user authentication of a credit card, a "credit card user authentication device" (Korean Registered Utility Model No. 1999-23246) which can be used only when a password has been entered recently has been filed with a utility model application. Was done. In the above-mentioned application, before the user uses the credit card, the user is authenticated as to whether or not he / she is the identity without using an external device by using the function of the user authentication device provided on the credit card itself. To provide a device that can in principle protect the use of credit cards by the company.
[0017]
However, according to the contents disclosed in the application, the credit card number is also fixed for each card, and such a fixed user number must be input during the e-commerce transaction. The user number is exposed to another person, and the user is unprotected against unauthorized use in which another person steals the user number during electronic commerce.
[0018]
In other words, if the conventional technology is arranged in the case where the card user inputs the card user number at the time of e-commerce, it is possible to use a single-shot machine such as a kiosk that is installed at a workplace, a securities trading store or a common place and used commonly. If a program such as a hacking program or a hacking program is installed on a personal computer used in e-commerce and the card user number is acquired and used, illegal use cannot be fundamentally prevented. .
[0019]
FIG. 3 shows a card user number system used by an existing card company in relation to such a fixed user number.
[0020]
Reference numeral 302 in FIG. The reference number 304 indicates a card-specific grade, and the reference number 306 indicates a card type for classifying an individual or a corporation. Reference numerals 308 to 312 denote components for indicating information related to an individual. Reference numeral 308 denotes a personal identification number, reference numeral 310 denotes a subscriber classification for indicating whether an individual or a family member, The number 312 indicates an issuance order for indicating whether the item is stolen or lost. Finally, reference numeral 314 is an error confirmation number portion for verifying against plagiarism or any input attempt.
[0021]
As can be seen from the above description, in the existing card system, as an example of using a stolen card number at the time of e-commerce, a malicious third party does not know only the last one of the 16-digit number. Even so, there is a high possibility that a transaction can be successfully completed in the name of another person in several attempts.
[0022]
In order to compensate for such disadvantages, at the time of e-commerce, individuals first register as members in the e-commerce service and register information such as resident registration numbers, and encrypt such information together with settlement approval request information. It is possible to use the method of requesting approval, confirming whether the card company receiving the approval request matches the information of the own card customer, and approving it.
[0023]
However, due to the fact that information about oneself can be used arbitrarily for Internet marketing, most of the current Internet use population refuse to enter detailed information such as the resident registration number at the time of membership, There is a problem that a malicious third party can obtain all such materials and plagiarize them completely even if they are used.
[0024]
On the other hand, in connection with network security, a time synchronization type RSA Secure ID, an OTP (one time password) type security token, a security card, an ONCE ID and the like are used for user authentication. ing.
[0025]
However, such a method is a two-factor method and uses a separate terminal. However, since the number displayed on the terminal for user authentication corresponds to a password, such a method is merely used. There is a problem that the function is limited only to user authentication and cannot be linked to payment information.
[0026]
[Problems to be solved by the invention]
Accordingly, the technical problem to be solved by the present invention is to solve the conventional problem, and the user number is changed after the transaction is performed so that the exposure of the credit information can be fundamentally solved. Automatically updated so that different numbers can be used during the next transaction to protect the card user even if the card user number was obtained in an unauthorized manner, An object of the present invention is to provide an authentication / payment card that can also perform a user authentication function, and a system and method for enabling an authentication / payment service using such an authentication / payment card.
[0027]
[Means for Solving the Problems]
According to one aspect of the present invention, there is provided a settlement method connected to a payment card of a buyer and a transaction system of a seller through a network, and a plurality of card numbers usable for each buyer. A payment method for a payment system including a database in which a card user number is stored correspondingly, wherein when a card user number is received from the commercial transaction system, the database is searched to find a corresponding card number. Deciding whether or not to approve the transaction for the card number; and reporting the transaction approval to the commercial transaction system when the transaction approval for the card number is determined, corresponding to the card number. Change the card user number to a new number, transmit it to the buyer's payment card, and There were to be updated, and a step of updating the card user ID of the database that corresponds to the card number to the modified card user ID.
[0028]
According to another aspect of the present invention, there is provided a settlement method connected to a buyer's settlement card and a seller's transaction system via a network, wherein a card user number and a password correspond to a plurality of card numbers usable for each buyer. A payment method for a payment system including a database stored therein, wherein when a password is input through a network, the database is searched to find a corresponding card user number, and the card user number is settled. Transmitting the card user number of the payment card to the card, and if the card user number is received from the commercial transaction system, searching the database to find a corresponding card number; Deciding whether to approve the transaction, and approving the transaction for the card number; Reporting the transaction approval to the commercial transaction system, changing the card user number corresponding to the card number to a new number, and using the card user of the database corresponding to the card number. Updating the number to the changed card user number.
[0029]
Here, the payment card stores a card user number received from the payment system. In this case, the method further includes displaying the card user number based on a password input to the payment card. be able to.
[0030]
On the other hand, the step of determining whether to approve the transaction with respect to the card number includes authorizing the transaction only when the card user number received from the commercial transaction system matches the card user number transmitted to the payment card. In the step of transmitting the user number, the card user number is encrypted and transmitted to the buyer's payment card.
[0031]
In addition, the card user number may include a user number and a usage amount indicating an amount that can be settled. In this case, the step of determining the transaction approval may include receiving a transaction approval amount requested by the commercial transaction system. The transaction is approved only when the amount is less than or equal to the usage amount included in the card user number.
[0032]
In addition, the payment card may store the encrypted card user number received from the payment system corresponding to each card. In this case, if one payment card is selected, The method may further include decoding and displaying the encrypted card user number according to a decoding rule set based on the input number.
[0033]
According to another aspect of the present invention, there is provided a settlement method which is connected to a merchant transaction system via a network, stores usable card numbers corresponding to identification numbers assigned to respective buyers, and stores each card number separately. A payment method for a payment system including a database in which a plurality of card user numbers are stored in a corresponding manner, wherein when an identification number and a card user number are received from the commercial transaction system, the database is searched and responded. Searching for a card number, deciding whether or not to approve the transaction for the card number, and, when the transaction approval for the card number is determined, reporting the transaction approval to the commercial transaction system, If the card user number sent from the commerce system matches the card user number corresponding to the order currently used In, look for a card number that corresponds to the card user number.
[0034]
Here, the commercial transaction system transmits the card user number confirmed from the payment card to the payment system. In this case, the payment card storing the plurality of encrypted card user numbers is used to enter the password to be input. And decrypting the encrypted card user number corresponding to the currently used order based on the information and displaying the card user number.
[0035]
The method further includes the step of displaying the card user number by decrypting the encrypted card user number based on a password input to the payment card, wherein the card user number is encrypted and stored in the payment card. Can be included.
[0036]
In addition, a settlement method according to another aspect of the present invention includes a settlement system including a database connected to a merchant transaction system of a seller through a network and storing card user-specific information for a plurality of card numbers usable for each buyer. A method of processing the card user number when a card user number is received from the commercial transaction system to generate corresponding card user specific information; Searching for the corresponding card number by searching the database based on the unique information; determining whether or not to approve the transaction with respect to the card number; and To the commercial transaction system.
[0037]
The transaction system checks a card user number from a payment card in which card user-specific information is stored for each usable card number and transmits the card user number to the payment system, and one payment card is selected. If so, the card user unique information is encrypted based on the input password to generate and display the card user number. In this case, the generating step decodes the card user number received from the commercial transaction system to generate corresponding card user specific information.
[0038]
Here, the card user specific information may be a previously generated card user number or a transaction count.
[0039]
On the other hand, a payment card according to another aspect of the present invention includes an input unit, a memory in which a plurality of encryption card user numbers are stored, and a setting order from the memory each time a password is input from the input unit. After sequentially reading one encrypted card user number, a processing unit for decoding the read card user number based on the input password, and a display unit for displaying the decrypted card user number including.
[0040]
A payment card according to another aspect of the present invention is a payment card connectable to a wireless communication terminal including a display unit and an input unit, and a memory storing a plurality of encrypted card user numbers, Each time a password is input from the input unit of the wireless communication terminal, one encrypted card user number is sequentially read from the memory in a setting order, and then the card user read based on the input password is read. A processing unit for decoding the number and providing the decoded card user number to the wireless communication terminal so as to be displayed on a display unit.
[0041]
According to another aspect of the present invention, there is provided a payment card connectable to a wireless communication terminal including a display unit and an input unit, wherein the memory stores card user-specific information; After reading the card user unique information from the memory each time a password is input from the memory, the card communication device generates a card user number by processing based on the input password, and transmits the generated card user number to the wireless communication. And a processing unit to be provided to the terminal and displayed on the display unit.
[0042]
According to another aspect of the present invention, there is provided a payment card comprising: an input unit, a memory storing encrypted card user basic information, and a card user basic information stored in the memory each time a password is input from the input unit. After reading the information, it includes a processing unit for obtaining a card user number based on the input password, and a display unit for displaying the obtained card user number.
[0043]
A payment card according to another aspect of the present invention includes an input unit, a receiving unit that receives an encrypted card user number, a memory that stores the encrypted card user number, and a password that is input from the input unit. A processing unit for decrypting the encrypted card user number stored in the memory based on the processing unit; and a display unit for displaying the decrypted card user number in the processing unit.
[0044]
According to another aspect of the present invention, there is provided a payment card including: an input unit for inputting a password; a transmission unit for requesting a card user number while transmitting the password through a network; A receiving unit for receiving the encrypted card user number, a memory for storing the received encrypted card user number, and an encrypted card user number received and stored corresponding to the password. A processing unit that decodes the card user number into a unique card user number, and a display unit that displays the decoded card user number in the processing unit.
[0045]
Here, the card user number can be used as an authentication number for user authentication.
[0046]
Meanwhile, a payment system according to another aspect of the present invention is a payment system connected to a payment card of a buyer and a transaction system of a seller through a network to perform payment processing, and includes a plurality of cards usable for each buyer. If a card user number is stored corresponding to each card number and the card user number is transmitted from the commercial transaction system, the database is searched and a card number corresponding to the transmitted card user number is retrieved. Search and perform the payment process, change the card user number corresponding to the processed card number to a new card user number, and update the card user number in the database to the changed card user number. And a processing device for transmitting the payment card.
[0047]
Also, a payment system according to another aspect of the present invention is a payment system connected to a payment card of a buyer and a transaction system of a seller through a network to perform payment processing, and a plurality of cards usable for each buyer. If there is a card user number transmission request from the payment card and a database in which card user numbers are stored in association with each number, the database is searched and the card user number corresponding to the card is settled. Transmitted to the card, and if the card user number is transmitted from the commercial transaction system, it is determined whether or not the card user number is transmitted to the payment card. Change the card user number corresponding to the card number to a new number, and The over de user ID includes a processor for updating the changed card user ID.
[0048]
Also, a payment system according to another aspect of the present invention is a payment system connected to a merchant transaction system of a seller through a network for performing payment processing, wherein a plurality of card user numbers are provided for each card number available for each buyer. Is stored in association with the database, the card user number is received from the commercial transaction system, the card user number is read from the database to determine whether they match, and if they match, the A processor for searching for a card number corresponding to the card user number and performing a payment process, wherein the processor is one of a plurality of card user numbers sequentially stored in the database according to a setting order; The number is read and compared with the card user number transmitted from the commerce system.
[0049]
Also, a payment system according to another aspect of the present invention is a payment system connected to a merchant transaction system of a seller through a network to perform a payment process, wherein a card user specific to a plurality of card numbers usable for each buyer is provided. When a card user number is received from the database in which information is correspondingly stored and the transaction system, the card user number is processed to generate card user unique information, and the generated card user is generated. A processing device that searches the database based on the unique information to find a corresponding card number and performs a payment process.
[0050]
Here, the processing device may encrypt a card user number corresponding to the card and transmit the encrypted card user number to the payment card, and the card number corresponding to the card user number may be a credit card number.
[0051]
Meanwhile, an authentication method according to another aspect of the present invention is an authentication method of a system for authenticating a service user using a database in which a user number is associated with each service user and stored, Receiving the user number generated from the authentication card through a network, comparing the received user number with the user number stored in the database, and storing the received user number in the database. If the user number matches the stored user number, the corresponding user is determined to be a legitimate service user to provide a service, and the received user number matches the user number stored in the database. Otherwise, it is determined that the user is not a legitimate service user, and the determination is made through the network route through which the user number was transmitted. And after providing the information or reporting the result, the user number corresponding to the service user is changed to a new number and transmitted to the authentication card to update the user number of the authentication card. Updating the user number of the database corresponding to the service user to the changed user number.
[0052]
An authentication method according to a feature of the present invention is an authentication method of a system for authenticating a service user using a database in which a plurality of user numbers are stored correspondingly for each service user, Receiving a user number generated from the card through a network, selecting a user number corresponding to a currently used order among the plurality of user numbers stored in the database, and receiving the received user number; And if the received user number matches the user number stored in the database, determine that the user is an appropriate service user and provide a service; and If the entered user number does not match the user number stored in the database, it is determined that the user is not a valid service user, and the Use identification number includes the steps of notifying the result of determination through the network path transmitted.
[0053]
Here, when the user number is received from a service provider through a network, if the received user number matches the user number stored in the database, the user number and the service available user Providing the service provider with the ID and password of the user and notifying that the user has been authenticated. If the received user number does not match the user number stored in the database, the user is legally authorized. The method may further include determining that the user is not an appropriate service user and notifying the service provider of the determination result together with the user number.
[0054]
An authentication method according to the present invention is an authentication method of a system for authenticating a service user using a database storing user-specific information for each service user, wherein the authentication method is generated from an authentication card. Receiving the user number through a network, processing the received user number to generate corresponding user-specific information, and searching the database based on the generated user-specific information And if the generated user-specific information is stored in the database, determining that the user is an appropriate service user and providing a service; and If the information is not stored in the database, it is determined that the corresponding user is not a legal service user, and the user number is transmitted. And a step of notifying the result of determination through the network path.
[0055]
The authentication card generates and displays a card user number by encrypting user-specific information based on an input password, and the generating step decrypts the received user number to generate a corresponding user-specific number. Generate information.
[0056]
Meanwhile, an authentication system according to another aspect of the present invention is a system for authenticating a user number transmitted through a network and providing a service to a corresponding user, wherein the user number corresponds to each service user. If the stored database and the user number are transmitted through the network, it is determined whether or not the user number stored in the database matches, and if the user number matches, the service is provided, and then used for the database. And a processing device for changing the user number.
[0057]
In such an authentication system and method, the user number transmitted through the network includes a unique field and a password that can identify the member who can use the service so that the member can be authenticated, and the unique field and / or the password are variable. it can.
[0058]
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, preferred embodiments of the present invention will be described in more detail with reference to the accompanying drawings. In the following description and drawings, the same or corresponding elements are denoted by the same or similar reference numerals.
[0059]
Here, the payment card indicates all means for providing the updated card user number, and is not limited to a general card form.
[0060]
FIG. 4 is a schematic diagram illustrating a payment service provided using a payment card according to the present invention.
[0061]
FIG. 4 shows a card business (which may include a credit card business, a bank, a department store card business, a lubrication card business, etc., and hereinafter referred to as a card business having the same meaning), a VAN business , A bank, a seller (a credit card merchant or an e-commerce company or a bank that intends to make an electronic settlement, hereinafter referred to as a merchant) and a buyer.
[0062]
First, the VAN operator gives the buyer a personal identification number (card unique ID) according to the present invention or a card to which a password applied by the buyer is assigned (such a card is additionally provided with a personal card unique number ID). It can be allocated and stored in the DB of the VAN business and managed, and the card number issued by the existing card company can be stored in the DB of the VAN business.)
[0063]
When the purchaser intends to use the issued card at the merchant, he / she enters a password to decrypt the pseudo user number which has been encrypted in advance and stored in the memory of the card, As a result, if the usable card user number is displayed on the card display unit, the card user number is obtained and used (404).
[0064]
The merchant asks the VAN operator whether to approve the payment (406), and the questioned VAN operator issues a card number associated with the card user number and a card number unique to the card operator who issued the card and a breakdown of the payment request. Is sent to question the approval (408). Upon receipt of the approval request, the card business confirms the current situation related to the unique card number and responds with the approval (410), and the VAN business transmits this result to the member store (412).
[0065]
The merchant completes or rejects the transaction according to the result (416), and if the transaction is completed, the card company charges the settlement bank and collects the payment (418 and 424), and the buyer issues the transaction with the bank. Is settled (418 and 424).
[0066]
On the other hand, when transmitting the approval to the member store in step 412, the VAN company updates the card user number corresponding to the existing personal identification number (or card unique ID) and simultaneously updates the updated card user number. Is encrypted and transmitted to the payment card according to the present invention together with the payment details, so that the buyer can immediately confirm the transaction result, and the updated card user number which can be used at the next transaction can be known.
[0067]
In some cases, the VAN operator of the above embodiment can play the role of a communication operator, a card operator or a bank. Accordingly, in the following detailed description of the invention and the appended claims, "VAN carrier" can be used in a sense that it can include a communication carrier, a card carrier, a bank, and the like.
[0068]
Based on the concept shown in FIG. 4, the payment card according to the present invention can be realized in the form of a reception-only terminal without a transmission function in one embodiment, and in the form of a card without a reception function in another embodiment. You can also. In another embodiment of the present invention, transmission and reception can be performed, for example, a mobile terminal or a wireless terminal such as a PDA can be realized as a separate additional service. In each case, the embodiment shown in FIG. 4 may include some modifications or additional steps.
[0069]
Next, a payment system and a payment method according to a first embodiment of the present invention using a payment card realized in the form of a reception-only terminal will be described in detail.
[0070]
FIG. 5 shows the structure of the settlement system according to the first embodiment of the present invention.
[0071]
As shown in FIG. 5, the settlement system 1 according to the first embodiment of the present invention is connected to the buyer terminal 2 and the commerce system 3 through a network M1 (including a wired / wireless network), and is connected through a wireless network M2. It is also connected to a payment card 4 realized in the form of a reception-only terminal. In addition, it is connected to an authentication system 5 for payment authentication.
[0072]
The payment system 1 can be operated by a VAN company, and is based on a database module D1 storing various information for providing a payment service using the payment card 4, and information stored in the database module D1. And a processing device D2 for providing a settlement service to each purchaser who has joined as a member.
[0073]
Specifically, the database module D1 includes a member information database D11, an issue information database D12, and a payment information database D13.
[0074]
In the member information database D11, a plurality of pieces of information on purchasers who have joined as members who can receive the payment service using the payment card 4 are stored for each purchaser. For example, the first and last name, the password for settlement, the unique card number of various cards (such as credit card or department store card), the resident registration number, the contact information (electronic (E-mail address, postal address, mobile phone number, wired phone number, etc.)
[0075]
The settlement system 1 according to the first embodiment of the present invention assigns a recipient identification number (card unique ID) to a settlement card 4 such as a member who can receive a settlement service, and after a transaction based on the recipient identification number, a new transaction is made. Assign a user number and report the transaction result.
[0076]
As a result, the issuance information database D12 stores information on the card user number assigned to each recipient identification number and information on the newly given card user number after settlement. For example, a card user number indicating permission to use corresponding to various card numbers used for each receiver identification number given to a purchaser and a card user number newly given after payment are collated and stored. I have.
[0077]
The payment information database D13 stores cards settled by purchasers who have requested payment and details of the payments made by the cards.
[0078]
The processing device D2 that provides a payment service based on the information stored in each of the databases D11 to D13 includes a member management unit D21, a number issuing unit D22, a payment processing unit D23, and an information transmission unit D24.
[0079]
The member management unit D21 is in charge of an interface with other systems (buyer terminal, commercial transaction system, authentication system) connected through the network M1, and in particular, a member registration and a member who can receive the settlement service according to the present invention. Process the member login when connecting.
[0080]
The number issuing unit D22 updates the issuance information database D12 by assigning a card user number indicating permission to use for each card of each buyer registered as a member, and assigning a new user number every time settlement is performed. I do.
[0081]
When the card user number is transmitted from the commercial transaction system 3, the settlement processing unit D23 determines whether the card user number matches the card user number stored in the issuance information database D12, and approves the transaction to the authentication system 5 based on the determination result. Request. On the other hand, if the payment system 1 is a card company that has issued a card voluntarily, the payment processing unit D23 does not pass through the authentication system 5 and separate card information in which information such as a transaction limit and credit is stored for each card member. Process transaction approvals based on information stored in a database (not shown).
[0082]
The information transmitting / receiving unit D24 transmits / receives information to / from the commercial transaction system 3, and particularly transmits the transaction approval result to the commercial transaction system 3 through the network M1, or transmits the card user number newly given by the number issuing unit D22 through the wireless network M1. Send to payment card 4.
[0083]
On the other hand, if the system performs authentication-related functions at the same time according to the disclosure of the present invention, it is natural that the database of the system can be constructed so as to be suitable for such functions.
[0084]
In the case of the payment card according to the first embodiment of the present invention, unlike the existing credit card, the number must be automatically updated after use, so that it can be realized in a form having a wireless reception function. The structure of a payment card implemented in the form of a reception-only terminal is shown as an example.
[0085]
As shown in FIG. 6, the payment card 4 according to the first embodiment of the present invention stores an RF receiving unit 41, a frequency adjusting unit 42, a signal processing unit 43, a pseudo card user number, CPU processor information, and the like. Memory unit 44 and other input / output units 45 to 48 related to input / output.
[0086]
The RF receiving unit 41 includes an RF receiver 411, an intermediate frequency mixing / amplifying unit 412, and an information extraction processing unit 413, and the frequency adjusting unit 42 includes a voltage controlled oscillator 421 and a PLL processing unit 422. The signal processing unit 43 includes a decoder 431, a control unit (CPU, 432), and an antenna tuning unit 433, and the memory unit 44 includes a ROM (ROM, 441), a RAM (RAM, 442), and another memory 443. The input / output unit includes a speaker 45, a driving unit 46 for applying power, a display unit 47, and an operation switch unit 48. The operations of the RF receiving unit 41 and the frequency adjusting unit 42 that receive and process the radio signal are already known technologies, and thus detailed description is omitted.
[0087]
FIG. 7 shows an example of the appearance of a receiving-only payment card according to the first embodiment of the present invention having such a structure.
[0088]
As shown in FIG. 7, the payment card has a number key k1 for inputting a password, a direction key k2, K3 for selecting a screen button displayed on the displayed LCD, and one step of enter. The (Enter) key role may include a key k4 capable of taking charge of a power ON / OFF function as two steps. However, such a key arrangement is merely an example and does not limit the scope of the present invention.
[0089]
Also, the payment card shown in FIG. 7 has a completely different structure from the existing magnetic card, but may be implemented in a form including a separate existing card system so that the existing card can be used. In such a case, it is obvious that the appearance shown in FIG. 7 can be configured to show a card number and a magnetic line recorded on an existing card in an uneven manner.
[0090]
On the other hand, a communication device that can be connected to the commercial transaction system 3 or the settlement system 1 through a wired or wireless network M2 is used as the purchaser terminal 2, such as a wired telephone, a mobile communication terminal, a computer, and a TV that can be connected to the Internet. Various communication devices can be used.
[0091]
The commerce system 3 may be a shopping mall site on the Internet, a card inquiry machine at a member store, or a terminal that can be connected on a network.
[0092]
Next, a payment method based on the payment system using the payment card according to the first embodiment of the present invention will be described.
[0093]
FIG. 8 shows a sequential flow of a payment method using a payment card according to the first embodiment of the present invention.
[0094]
First, the payment system 1 receives a membership application from a plurality of buyers who desire a payment service using a payment card. The membership application can be received through various methods, such as by receiving it through the networks M1 and M2 using a computer or a mobile communication terminal, through a telephone network, or by mail.
[0095]
The member management unit D21 assigns a receiver identification number to each buyer who has applied for membership, receives password information and address information as in the general card subscription procedure, and receives the membership information database D11. To build.
[0096]
The payment card 4 realized in the form of a reception-only terminal can be provided to each member, or the existing device can be used as a payment card by upgrading a communication device such as a pager that the buyer already has. Sometimes. The number issuing unit D22 assigns a card user number at the time of member subscription and saves and issues the card user number given at the time of issuing the payment card in the payment card 4, or issues the service through the wireless network M2 when the service is started by the member subscription. The user number is transmitted to the payment card 4. Then, each generated card user number is stored in the issue information database D12 in association with the receiver identification number of the purchaser. At this time, the card user number stored or transmitted on the settlement card 4 is encrypted and stored or transmitted so as not to be stolen by another person, and is classified into a plurality of cards used by the buyer (credit card, department card, etc.). Can be given a card user number, or one card user number can be given for all cards used.
[0097]
When the card user number is transmitted to the settlement system 1, the buyer confirms the first message, that is, whether or not the card user number has been received, through the issued settlement card 4.
[0098]
After the buyer joins as a member who can receive the payment service using the payment card in this way, if he purchases the product on the Internet shopping mall site or purchases the product at a general card member store, The purchaser confirms the card user number given through the settlement card 4.
[0099]
First, the purchaser operates the payment card 4 and then selects the type of credit card to be used. Next, it is confirmed through the display unit 47 of the payment card 4 whether a new card user number has been received, and a password is input (S10).
[0100]
The payment card 4 determines whether or not the input password matches a pre-stored password, and decrypts the card user number given from the payment system 1 only when the password matches, and uses the decrypted card. The user number is displayed on the display unit 47 (S11).
[0101]
As described above, a method of storing a password for decryption on the payment card 4 at the time of the first operation, comparing the number to be entered in the future with the stored password, and displaying the decrypted card user number if they match is provided. Alternatively, if the payment card 4 enters an arbitrary number without storing a password, the card is generated by executing a decryption process (user number generation process) using the number as a decryption key. A method of displaying a user number can also be used.
[0102]
The latter method has the advantage of not knowing exactly what the password is, and the former method and the latter method all have the advantage that the person who copied the payment card is difficult to use, especially the decryption process is unconditionally necessary. It has the advantage of being.
[0103]
Therefore, the payment card is stored and issued on the payment card at the time of first issuance, and the payment card is configured so that the service according to the present invention can be used only when the passwords match (when the correct password is input again even when the battery is replaced). There must be). In another embodiment, the password, the generation reference code and the generation rule are located on the host (payment system) side of the service provider, and the generation reference code and the generation rule (the generation reference code are used and used inside the payment card). (A generation rule occurs after the used user number becomes the role of the reference code).
[0104]
If the card user number is displayed on the payment card 4 by inputting the password, the purchaser provides the card user number to the commercial transaction system 3 so that the payment is performed (S12).
[0105]
That is, when a purchaser purchases a product at a shopping mall site or the like through the network M1, the card user number is transmitted to the commercial transaction system 3 using the purchaser terminal 2, and the product is purchased at a general card member store. In such a case, the card user number is provided to the member store owner and input to the commercial transaction system 3 which is a card inquiry machine.
[0106]
At this time, the card user number used is one-time use. Therefore, when using a personal computer at work or a personal terminal such as a personal computer or kiosk in a stock shop or a computer room, even if the number is exposed, Makes it impossible to use the exposed user number for the transaction.
[0107]
In this way, the commercial transaction system 3 which has been provided with the card user number from the buyer transmits the details of the transaction and items relating to the card user number to the settlement system 1 through the network M1. Items related to the card user number can include information such as the card user number, the card validity period, and the buyer's recipient identification number, and the transaction details include time, payment amount, merchant information, etc. It is possible.
[0108]
Here, among the data transmitted to the settlement system 1, data such as a personal ID (for example, a personal ID assigned to each shopping mall site) connected to its own commercial transaction system is included as information capable of displaying the target person. When the authentication / settlement card disclosed by the present invention is used, the updated user number can also serve as a personal ID and a password.
[0109]
The payment processing unit D23 of the payment system 1 receives the information on the card user number and the details of the transaction transmitted from the commercial transaction system 3, and then adds the received card user number and the card user who has been permitted to use it in advance. Determine if it matches the number.
[0110]
That is, the payment processing unit D23 searches the issuance information database D12 based on the receiver identification number to find the card user number assigned to the payment card of the buyer who has requested payment, and uses the card usage transmitted from the commercial transaction system 3. It is determined whether the card numbers match with each other (S14). If the user numbers of the two cards match, the card number of the card company to be matched with the card user number and the transaction details are authenticated by the card company. The request is transmitted to the system 5 and a transaction approval is requested (S15).
[0111]
On the other hand, when the company providing the service according to the present invention voluntarily issues the card, information on the transaction limit and the current service available status can be stored in the settlement system 1 for each card. It is possible to autonomously determine the grant of the settlement approval without inquiring the card company or the like of the transaction approval, and thus the step (S15) can be omitted.
[0112]
When the transaction approval is reported from the authentication system 5 or when the transaction approval is determined autonomously, the transaction approval is performed together with the corresponding card user number (may be a member ID when connecting to use electronic commerce). The result is transmitted to the commercial transaction system 3. At this time, the approval result can be transmitted not only to the commercial transaction system 3 but also to the payment card 4 having the corresponding card user number so that the buyer can recognize the approval result.
[0113]
On the other hand, even when a transaction approval rejection is reported from the authentication system 5 or the transaction approval is autonomously rejected, a message indicating that the transaction approval was not performed together with the corresponding card user number (or member ID). Is transmitted to the commercial transaction system 3. In this case, inform the user that the transaction is an unauthorized number and enter the correct number.If such an authorization error is repeated a predetermined number of times, or the correct card user number within a predetermined time, If the authorization is not obtained or the number for which authorization is obtained exceeds the specified time, the payment shall be stopped immediately and at the same time, the card user shall be notified of such facts wirelessly to prevent unauthorized use. it can.
[0114]
As described above, after reporting the approval result by the settlement request, the number issuing unit D22 of the settlement system 1 issues a new card corresponding to the settled card regardless of the approval result or only when approved. A user number is assigned and stored in the issue information database D12 in association with the recipient identification number of the card user. Next, the new card user number is encrypted by using the given password, and is converted to the receiver identification number of the corresponding buyer (a personal ID previously allocated to the card and built in) through the information transmitting unit D24. A corresponding new card user number encrypted is transmitted to the payment card 4 periodically or aperiodically (S19).
[0115]
When a new card user number is transmitted from the settlement system 1 after the settlement transaction is performed in this way, the settlement card 4 stores the received new card user number in a memory, and stores the new card user number in the next transaction. It is sometimes used (S20).
[0116]
The procedure performed in the payment card according to the first embodiment is sequentially shown in FIG.
[0117]
If an input is received in the normal standby step (S30), the control unit 432 checks whether the input signal is a button input signal through the operation switch unit 48 and, if the input is a button input, which of a plurality of cards to use. It is determined whether or not to perform (S31 to S33). It should be noted that in FIG. 9, when used as a card such as a bank, department store, or lubrication card, a portion corresponding to a credit card is omitted.
[0118]
In a case where the credit card is a credit card, for example, it is determined which one of the credit cards is to be used (S34 to S39), and the password related to the selected credit card is input and set. Then, it is determined whether the password is the same as the password stored in the RAM 442 (S40 to S41). As a result of the determination, if the passwords are not the same, it is illustrated that the process returns to step (S40) and waits for the input of the password. The credit card operation can be designed to be stopped afterwards.
[0119]
In some cases, the payment card may be configured to omit this step (S40 to S41). In such a case, only the reference pseudo user number and the decryption rule are initially built in the payment card. Thus, the password can be realized so as to be stored only in the DB of the user's storage and settlement system 1 and utilized. In such a case, if a third party maliciously inputs an arbitrary number as a password, the decryption card user number is displayed on the display unit 47 of the card using such a number. A malicious third party will attempt e-commerce and the like using a number that cannot be approved, whereby the payment system 1 will allow the malicious third party to steal the card number of a specific person. Can be reported to the specific person.
[0120]
Next, when the password is correctly input, the control unit 432 of the payment card 4 uses the password to decode the pseudo user number received and stored and display it on the display unit 47 (S42). At this time, in the case of a payment card having a built-in password, the password can be doubled so that only the one-stage password is built-in, and the second-stage password can be realized without the built-in password. In addition, two or more passwords can be set.
[0121]
Next, the buyer displays on the display unit 47 of the settlement card 4 whether the card user number has been used in a state where the updated user number can be used or whether the card user number is canceled and used again next time. Ask questions through the guidance text above. If the user inputs the confirmation button after using the card user number (S43), the control unit 432 waits for the payment card 4 to receive the details of the card use from the payment system 1 of the VAN business operator or the communication business operator. (S43 to S49).
[0122]
Next, when the transaction details and the new pseudo card user number are received from the settlement system 1, the previous pseudo card user number stored in the RAM 442 and already used is deleted, and the received new pseudo card user number is deleted. After storing the pseudo card user number in the RAM 442, the process returns to the initial standby state (S46 to S49).
[0123]
In such a case, the transaction details that can be displayed may include information on the currently available limit or the like so that the user can refer to the next transaction. In addition, if the card user number requesting the transaction matches, if the service limit is exceeded, a step corresponding to this can be added between steps (S47) and (S48).
[0124]
If the card user number has been canceled, the display of the card user number on the screen is stopped, and the process returns to the initial standby state (S50 to S51), and the confirmation or cancellation cannot be performed within a certain time. Can output an alarm sound through the speaker 45 to inform the user that the card user number is currently displayed.
[0125]
FIG. 10 illustrates an embodiment of a screen that can be displayed on a card display unit in an embodiment using a payment card according to the present invention.
[0126]
FIG. 10A shows an initial screen of a card according to an embodiment of the present invention, FIG. 10B shows a screen in a standby state, and FIG. 10C asks which card to use. Show the screen. FIG. 10D is a screen for asking which credit card to use when a credit card is selected, and FIG. 10E is a screen for decoding the user number of the national card when a national card is selected. It is a screen which waits for the input of the password for the conversion. FIG. 10 (f) is a screen in which the correct password used for the national card is input and the currently usable national card user number is displayed on the display unit so that the user can recognize it. A button is displayed in the lower part of the display unit so that a confirmation or cancel button necessary for a subsequent processing stage can be selected. FIG. 10 (g) shows a case where the confirmation button is pressed and the user inputs to the control section of the card that the user has used the decrypted and acquired card user number at the time of electronic commerce. This shows a state of waiting for a settlement result currently attempted from the system. Finally, FIG. 10 (h) shows a screen in which the normal transaction has been completed and the transaction details have been received. In this case, it is natural that information such as the transaction limit may be included as described above. That is.
[0127]
Next, a case will be described in which a payment is performed using a payment card (a portable terminal may be used in some cases) configured in a terminal form capable of transmission and reception instead of reception only.
[0128]
FIG. 11 is a diagram showing the concept of a second embodiment of the present invention in which a card number providing service for updating a card user number is realized in a form capable of transmitting and receiving.
[0129]
In this case, the form of a card capable of wireless transmission / reception can be added with a configuration enabling transmission to the payment card shown in FIG. 6, and it is obvious that a service can be provided by using a mobile phone as a payment card as an example. It is.
[0130]
In such a case, if the user 920 first requests a pseudo card user number that can be used by connecting to a VAN company or a PG company wirelessly and transmitting a password (902), the VAN company is received. After confirming whether the unique identification ID of the card and the password match, the pseudo card user number can be sent if they match, and if they do not match, the user can be required to re-enter the password. After judging it as an attempt and interrupting the transaction and stopping the connection, the card user is notified of such facts by various methods such as a card (in this case if the card is illegally duplicated), wired / wireless telephone, fax, etc. The notification can be made immediately (904).
[0131]
Next, the card user can decrypt the received encrypted card user number with a password and obtain a true card user number to perform e-commerce or to make a payment through a card reader machine input. In such a case, the process of decrypting the password can be omitted in some cases, but in this case, the VAN operator can transmit the unencrypted true card user number) (906). Next, the card user number is transmitted to the VAN company to check whether or not the card has been approved (908), and the VAN company searches its own DB and transmits the presence or absence of the approval to the affiliated store. Settlement is performed (910 and 912). In such a case, the details of the settlement (which may include the remaining amount or the next use limit) or, when the settlement is impossible, can be transmitted to the card according to the present invention so that the processing result can be known (914).
[0132]
In addition, each display screen of each stage may be similar to each screen described with reference to FIG.
[0133]
The payment method relating to a payment card (an application example such as a mobile phone or a PDA) in which a user number capable of transmission / reception is updated according to an embodiment of the present invention is more specifically associated with the system shown in FIG. The description is as follows. The structure of the settlement system according to the second embodiment of the present invention is the same as that of the above-described first embodiment, and thus the detailed description is omitted.
[0134]
12A and 12B show a flow of a settlement method according to the second embodiment of the present invention.
[0135]
As shown in FIG. 12A attached, after the user registered as a member who can receive the settlement service of the settlement system 1 drives the settlement card (may be a mobile phone) 4 as in the above-described embodiment. If the type of card to be used is selected through the operation switch unit 48, the control unit 432 of the payment card 4 requests a new card user number together with the type information of the selected card (a password may be included in some cases). ) Is transmitted to the settlement system 1 (which may be a VAN operator) (S61). At this time, it is also possible to simultaneously specify the amount of money to be selectively used and simultaneously perform the usage limit check.
[0136]
The number issuing unit D22 of the payment system 1 encrypts a card user number suitable for the selected card type using a password, retransmits the card user number to the payment card 4, and outputs the issued card user number to the issuance information. It is stored in the database D12 (S62). In this case, the balance that can be selectively used can also be transmitted together.
[0137]
The payment card 4 receives the pseudo card user number (encrypted card user number) transmitted through the RF receiving unit 41 and stores it in the RAM 442, and then receives a user's reception confirmation request through the operation switch unit 48. Indicates that the card user number has been received through the display unit 47.
[0138]
After confirming that the card user number has been received, if the user inputs a password through the operation switch unit 48, the control unit 432 of the payment card 4 reads the decrypted card user number and displays it on the display unit 47. (S63).
[0139]
In this case, as in the above-described embodiment, (1) the password is stored in the payment card at the time of the first operation, and the password entered thereafter is compared with the stored password, and if they match, the decrypted card is used. (2) If the user enters an arbitrary number without saving the password, the method of indicating the card user number generated by executing the decryption process using the number as a decryption key can be used. it can. (The advantage of the latter is that no one knows what the password is.) Both of these methods make it difficult for a terminal duplicator to use, and in particular, prevent the card user number from being exposed to others because the decryption process is unconditionally required.
[0140]
If the card user number is displayed on the display unit 47 of the payment card 4 by inputting the password, the buyer provides the card user number to the commercial transaction system 3 (or a card inquiry machine of a member store) to make payment. Is done. Also in this embodiment, since the card user number is used only once, even if the number is exposed, it cannot be used for other transactions (S66).
[0141]
The transaction system 3 such as a shopping mall site or a card inquiry machine that handles the transaction transmits the transaction details together with the card user number of the buyer to the settlement system 1 and requests settlement (S67). The transaction details may include card user information (which can include a member ID), card user number, time, amount, member store information, and the like.
[0142]
The settlement processing unit D23 of the settlement system 1 searches the issuance information database D12 and compares the card user number issued corresponding to the card with the card user number included in the transaction breakdown transmitted from the commercial transaction system 3. If the transmitted card user number matches the usable number stored in the issuance information database D12 (S68), the card number of the corresponding card is stored in the authentication system 5 as in the above-described embodiment. The payment details are transmitted to request approval (S69). Here, the settlement system 1 can request approval from an authentication system 5 such as an existing card business, a department store, a lubrication card issuer, or a bank, while the settlement system 1 voluntarily requests a card (credit card, department store). As described above, it is apparent that the transaction can be approved based on the autonomously provided card information without requesting the authentication system 5 for an approval request when the card is issued.
[0143]
If the transaction approval is reported from the authentication system 5 or the transaction approval is performed autonomously, the settlement processing unit D23 of the settlement system 1 uses the corresponding card together with the transaction result indicating that the transaction is approved through the information transmission unit D24. It transmits to the commercial transaction system 3 using the user number (may be a member ID) (S70 to S71). The transaction approval information is also provided to the card company and follows the same settlement procedure as for a normal card.
[0144]
On the other hand, if the transaction failure is reported from the authentication system 5 or the transaction is not autonomously approved, the transaction is rejected using the card user number (or a member ID) together with the transaction result. Send to system 3. Such a transmission result can also be transmitted to the payment card 4. Then, settlement information such as settlement details or usage limit, or information such as a reason for when settlement is impossible is reported using the card user's personal identification number.
[0145]
As described above, in the case where the payment service is provided using the payment card 4 realized in the form of a terminal capable of transmitting and receiving, a new card user number is requested every time the card user number is requested through the payment card 4. Can be transmitted to the payment card 4 to receive the payment service using the new payment card. However, after the pseudo card number is transmitted to the terminal before the card user number request, The password is decrypted using the key as a key, and when the decrypted number is authenticated through e-commerce, etc., the next pseudo card number is automatically received by the terminal. It is also possible.
[0146]
As an additional example in connection with the wireless Internet, basic information such as a card user number generated from a terminal capable of transmitting and receiving through a password authentication procedure is immediately transmitted to an electronic commerce site connected through the wireless Internet. Accordingly, it can be apparent that the authentication / settlement card user who can transmit and receive data according to the second embodiment of the present invention can be modified to be convenient.
[0147]
Unlike this embodiment, in the third embodiment of the present invention, a payment service can be received using a payment card without a transmission / reception function.
[0148]
In this case, two methods are possible. The first method is to preliminarily input an encrypted pseudo-card user number inside the card, and to decrypt the pseudo-card user number one by one every time a password is input, or to use one by one for a fixed period of time. There may be a need for a protective device that disables the use of a password if it is incorrectly entered more than a specified number of times. In such a case, the payment system must store all card user numbers used for each card.
[0149]
The second method is to enter a password into the card and store the unique information stored in the memory (encrypted personal identification number, step information indicating the time or the number of the encryption step, or the previously generated encryption information). The pseudo-card user number may be encrypted by a generation algorithm to generate and use the pseudo-card user number. In this case, the pseudo-card user number generated by the user is settled. If transmitted to the system, the payment system reverses the same algorithm as the one that generated the pseudo-card user, decrypts the pseudo-card user number, generates the card user number, and then uses the card user number Authentication.
[0150]
At this time, each time a user inputs a password, a card user number may be generated one by one or one by one for a predetermined period. In this case, a protection device that disables the use of the password if the password is incorrectly input more than a specified number of times may be required selectively.
[0151]
FIGS. 13A and 13B show a schematic concept of a service provided using a payment card using such a method.
[0152]
As shown in FIGS. 13A and 13B, the VAN business operator or the PG business operator issues a card, which is assigned a personal identification number according to the present invention or a password applied by the purchaser, to the corresponding card. A database is constructed in which the plurality of pseudo user card numbers encrypted according to the setting rules and the decryption card user numbers for each pseudo user card number are associated with each other.
[0153]
The buyer inputs a password so that the pseudo user number, which has been previously encrypted and stored in the memory of the card, can be decrypted, and the usable card user number is displayed on the card display section. If this is done, it will be obtained and provided to the merchant, and the merchant will question the VAN operator for approval of settlement, and the VAN operator who receives the question will issue a card linked to the card user number. The credit card company, which is the credit card company, sends the unique credit card number and the details of the settlement request to question whether the approval has been obtained. Upon receiving the approval request, the card business confirms the current status of the unique card number and responds with the approval or non-approval, and the VAN business transmits the result to the member store. The merchant completes or rejects the transaction according to such a result, and when the transaction is completed, the card company charges and collects the payment from the settlement bank, and the buyer setstle the payment with the bank.
[0154]
On the other hand, a plurality of pseudo user numbers are stored in the purchaser's card, and each time a password is entered, the other pseudo user numbers are decrypted and used according to the set order, and When transmitting the approval to the member store, the VAN company updates the card user number corresponding to the existing personal identification number to the next card user number in the set order.
[0155]
In addition, as described above, the user number (or the encrypted personal identification information and time or step information) used before is used as basic information (seed value), and thus the card and the payment system are set. According to a series of rules, a decrypted number can be generated, and the card user number updated every time can be presented to a member store or the like.
[0156]
As described above, the card user number of the purchaser stored in the database of the VAN business operator and the card user number (the number obtained by decoding the pseudo user number) displayed on the card of the purchaser are updated in the same order. As a new card user number is used each time a transaction is made, the transaction can be performed more stably.
[0157]
The structure and operation of the payment system using the payment card according to the third embodiment of the present invention will be described more specifically based on the above concept.
[0158]
FIG. 14 shows a structure of a payment system using a payment card according to a third embodiment of the present invention. As shown in FIG. 14, the structure of the payment system according to the third embodiment of the present invention is the same as that of the first embodiment, and the payment card is simply configured without a transmission / reception function.
[0159]
FIG. 15 shows the structure of a payment card according to the third embodiment. The payment card according to the third embodiment is different from the first and second embodiments in a form without a wireless transmission / reception function. As shown in FIG. 15, the payment card 41 according to the third embodiment includes a keypad 411, a CPU 412, a display unit 413, an EEPROM 414 as a memory, and a clock unit 415.
[0160]
The keypad 411 is composed of a plurality of keys for inputting a password and the like, and the EEPROM 414 stores a pseudo card user number, CPU processor basic information, and the like. In particular, a plurality of pseudo card user numbers are stored in the EEPROM 414, and the pseudo card user numbers are sequentially used in accordance with a set order (called a use order). The CPU 412 decodes the pseudo card user number stored in the EEPROM 414 each time a password is input through the keypad 411 in accordance with a set rule according to a clock signal provided from the clock unit 415. And reads and decodes one pseudo card user number sequentially in accordance with the order of use among the plurality of pseudo card user numbers stored in the storage device to generate a usable card user number. The display unit 413 displays the generated card user number so that the purchaser can use it.
[0161]
In some cases, the EEPROM 414 stores a previous card user number (or encrypted personal identification information and time or step information) and the like, and it is obvious that the card user number can be generated according to a series of rules. That is.
[0162]
The attribute of data stored in the issuance information database D12 of the settlement system 1 according to the third embodiment of the present invention is different from that of the first embodiment. In the issuance information database D12 of the third embodiment, a plurality of card user numbers indicating permission for use are stored in association with the various card numbers to be used for each identification number given to the payment card. A plurality of card user numbers corresponding to each card number are sequentially used in each transaction in accordance with the order of use.
[0163]
However, in the case of the second embodiment of the third embodiment in which a card number is generated through a rule, one or more card user numbers can be stored in the database D12.
[0164]
A payment method based on a payment system using a payment card according to a third embodiment of the present invention having the above structure will be described.
[0165]
FIG. 16 shows a sequential flow of a settlement method using a settlement card according to the first embodiment of the third embodiment of the present invention. In the case of the second modified embodiment, it is realized by appropriately modifying. it can.
[0166]
When a user registered as a member who can receive the settlement service of the settlement system 1 drives the settlement card 41 and inputs a password through the keypad 411 in the same manner as in the first embodiment, the settlement is made. The CPU 412 of the card 41 displays a use confirmation message through the display unit 413 (may be omitted in some cases) and confirms again whether the user intends to use the payment card 41 (S60 to S61). After confirming the user's use of the settlement card, the CPU 412 reads the pseudo card user number corresponding to the currently used order from the EEPROM 414 in accordance with the order of use, and then uses the input password as a decryption key and a decryption card user number. Is generated, and the display unit 413 displays the generated card user number (S62).
[0167]
As described above, in addition to the method in which the payment card 41 performs the decryption process using the password as the decryption key to generate and indicate the card user number, the password for decryption is stored in the payment card 41 at the first operation. Alternatively, a method of comparing the entered number with the stored password and indicating a decrypted card user number if they match can be used.
[0168]
If the card user number is displayed on the payment card 4 by inputting the password, the purchaser provides this card user number to the commercial transaction system 3 so that the payment is performed (S63). That is, as in the above embodiment, when a purchaser purchases a product at a shopping mall site or the like through the network M1, the card user number is transmitted to the commercial transaction system 3 using the purchaser terminal 2, and the general user is used. When the merchandise is purchased at the card affiliated store, the card user number is provided to the affiliated store owner and input to the commercial transaction system 3 which is a card inquiry machine.
[0169]
In this way, the commercial transaction system 3 receiving the card user number from the buyer transmits the transaction details and the items related to the card user number to the settlement system 1 through the network M1 (S64). Here, the identification number given to the payment card 41 may be included in the data transmitted to the payment system 1.
[0170]
The payment processing unit D23 of the payment system 1 receives the information on the card user number and the details of the transaction transmitted from the commercial transaction system 3, and determines whether or not it matches the card user number to be used at the time of the current transaction according to the order of use. Is determined (S65).
[0171]
That is, the settlement processing unit D23 searches the issuance information database D12 based on the receiver identification number, and uses the card number among the plurality of card user numbers given to the settlement card of the buyer who has requested settlement in accordance with the order of use. In step S65, it is determined whether the two card user numbers match the card user number transmitted from the commercial transaction system 3 by searching for one card user number corresponding to the order. Notifies the payment system 1 of the re-entry of the card number to the settlement system 1 (S66). If the two card user numbers match, the credit card number of the card company and the transaction breakdown to be matched with the card user number are sent to the card company. Is transmitted to the authentication system 5 operated by the company (S67).
[0172]
When the transaction approval is reported from the authentication system 5 or the transaction approval is determined autonomously, the transaction approval result is transmitted to the commercial transaction system 3 together with the corresponding card user number (S68 to S69).
[0173]
On the other hand, when the settlement system 1 is notified of the transaction approval rejection from the authentication system 5 or autonomously rejects the transaction approval, the transaction approval is not performed together with the card user number as in the first embodiment. Is transmitted to the commercial transaction system 3 to input an accurate number.
[0174]
As described above, after reporting the approval result by the settlement request, the number issuing unit D22 of the settlement system 1 performs the transaction once irrespective of the approval result or in response to the card on which the settlement has been performed when the approval is obtained. In the next transaction, the card user number corresponding to the next order is used according to the set order.
[0175]
The procedure performed in the payment card according to the third embodiment is sequentially shown in FIG.
[0176]
Unlike the first embodiment, the payment card 41 according to the third embodiment may not perform the step of selecting the type of the card to be used or the company, and the button input signal through the keypad 411 in the normal standby step (S70). If the password is entered after the entry of () (S71), a use confirmation message is displayed on the display unit 413, and the use of the password is again questioned (S72).
[0177]
Next, if the user presses the confirmation button, the use of the card is canceled again and a question as to whether or not to use the card next time is made through the display unit 413. If the user does not cancel, the entered password matches the stored password. Regardless of the presence or absence, the pseudo-card user number stored in the EEPROM 414 (the pseudo-card user number to be used at the time of the transaction according to the setting order) is decrypted using the input password as a decryption key to obtain the card user number. It is generated (S75).
[0178]
Therefore, when the password is the same as the stored password, the pseudo card user number is decrypted with the correct decryption key, so that the card user number that can receive the transaction approval is displayed on the display unit 413. On the other hand, if the password does not match the stored password (S76 to S77), the pseudo-card user number is decrypted with the wrong decryption key, and the card user number that cannot be approved for transaction is displayed. It is displayed on the section 413 (S78 to S79). Therefore, if a third party maliciously enters an arbitrary number into the password, such a number is used to display a decryption card user number, that is, a number for which authorization is not performed. Even if a third party attempts electronic commerce or the like using this number, no approval can be obtained, so that damage caused by card number theft can be easily prevented.
[0179]
On the other hand, the pseudo card user number can be sequentially decrypted and displayed according to the order of use only when the password matches the stored password each time the password is entered. In this case, the password is set twice and the security is set. It can also improve the performance.
[0180]
As described above, after the CPU 412 of the payment card 41 displays the decrypted card user number on the display unit 413 by inputting the password, after a certain period of time, the card user number display operation is stopped, and the process returns to the standby state. . In some cases, steps S73 to S75 can be appropriately omitted according to a modified embodiment.
[0181]
FIG. 18 shows an example of a screen that can be displayed on the display unit of the payment card according to the third embodiment.
[0182]
FIG. 18A shows a screen for waiting for input of a password for decrypting a user number, FIG. 18B shows a screen for inputting a password, and FIGS. 18C and 18D show currently used passwords. 5 shows a screen displayed on a display unit so as to inform a user of a possible card user number.
[0183]
Next, a case will be described in which e-commerce payment is performed using a payment card that can be used in combination with a wireless communication terminal. In the following, an example will be described in which payment is performed at the time of mobile commerce using a wireless communication terminal, but the present invention is not limited to this.
[0184]
FIG. 19 schematically shows a structure of a payment card according to a fourth embodiment of the present invention based on the above concept and a connection state with a wireless communication terminal.
[0185]
As shown in FIG. 19, a payment card 200 according to a fourth embodiment of the present invention includes a CPU 214, an EEPROM 214, a clock unit 216, and an interface unit 218. The payment card 200 having such a structure can be realized as a one-chip MCU integrating a CPU, an EEPROM, and a clock unit.
[0186]
The payment card 200 is connected to the wireless communication terminal 100. The wireless communication terminal 100 receives data from the data port 101 for data input / output of the wireless communication terminal and a plurality of keys for inputting data such as a password. And a display unit 103 for displaying input / output data or data provided from the payment card 200. In addition, it is installed inside the wireless communication terminal 100 to process data input through the keypad 102 and transmit the data to the payment card 200, and process data transmitted from the payment card 200 to the display unit 103. The display device may further include a processing unit for displaying the information.
[0187]
The interface unit 218 of the payment card 200 is connected to the data port 101 and communicates data. Here, the interface unit 218 communicates data by the RS-232C method, but is not limited thereto.
[0188]
The CPU 212 of the payment card 200 performs serial communication with the display unit 103 and the keypad 102 mounted on the wireless communication terminal through an RS-232 interface.
[0189]
To this end, it is preferable that the CPU inside the wireless communication terminal and the CPU of the payment card of the present embodiment have the same data protocol, and the internal voltage of the wireless communication terminal is different from the voltage required by the CPU of the payment card. It is self-evident that in some cases a DC-DC converter or regulator is needed to regulate this.
[0190]
For example, the CPU 212 of the payment card 200 is the same as the protocol adopted by each wireless communication terminal company, for example, the ESMS protocol (a data format on the SK company side) or the EIF protocol (similar to the ESMS, but based on the Internet). Data communication using various protocols.
[0191]
The EEPROM 214 of the payment card 200 stores a pseudo card user number, CPU processor basic information, and the like. In particular, a plurality of pseudo card user numbers are stored, and are sequentially used one by one according to a set order (called a use order).
[0192]
The CPU 212 decodes the pseudo card user number stored in the EEPROM 214 according to a set rule every time a password is input through the keypad 102 of the wireless communication terminal 100 according to a clock signal provided from the clock unit 216. Among the plurality of pseudo card user numbers stored in the EEPROM 214, one pseudo card user number is sequentially read and decoded according to the use order to generate a usable card user number. Then, the generated card user number is provided to the wireless communication terminal 100 to be displayed on the display unit 103, so that the purchaser can use it. In some cases, the EEPROM 214 stores card user-specific information (previously card user number, or encrypted personal identification information and time or step information) as in the third embodiment, and a series of rules. It is obvious that the card user number can be generated by the above.
[0193]
A payment method according to the fourth embodiment of the present invention will be described with reference to a payment card having the above-described structure.
[0194]
When a user registered as a member who can receive the payment service of the payment system inserts the interface unit 218 of the payment card 200 into the data port 101 of the wireless communication terminal 100, the display unit 103 of the wireless communication terminal 100 is controlled. The command for obtaining the right (for example, SETLCD = 1) and the command for obtaining the control right of the keypad 102 of the wireless communication terminal (for example, SETKEY = 1) are automatically transmitted to the wireless communication terminal 100. The processing unit of the wireless communication terminal (not shown) 100 transfers the control right to the CPU 212 of the payment card 200.
[0195]
Thereafter, a payment initial screen is displayed on the display unit 103 of the terminal, and when the user inputs a password of the payment card 200 for performing payment, the password is input to the CPU 212 of the payment card 212 through the interface unit 101. You. The CPU 212 of the payment card 200 allows the use confirmation message to be displayed on the display unit 103 of the terminal 100 (may be omitted in some cases), and determines whether the user intends to use the mobile e-commerce payment card 200. Check again.
[0196]
After the confirmation, the CPU 212 reads the pseudo card user number corresponding to the order to be used at present according to the use order from the EEPROM 214, and then decrypts the input password as a decryption key to generate a card user number. The generated card user number is displayed on the display unit 103 of 100.
[0197]
As described above, in addition to the method in which the payment card 200 performs the decryption process using the password as the decryption key to generate and show the card user number, the password for decryption is stored in the payment card 200 at the first operation, A method of comparing the entered number with the stored password and displaying the decrypted card user number if they match can be used.
[0198]
When the card user number is displayed on the display unit 103 of the terminal 100 that communicates with the settlement apparatus 200 by inputting the password, the user provides the card user number to the commercial transaction system 3 as in the above-described embodiment. To make payment.
[0199]
In this way, the commercial transaction system 3 receiving the card user number from the user transmits the transaction details and items related to the card user number to the payment system 1 through the network, and the data transmitted to the payment system includes It may include an identification number given to the payment card 200.
[0200]
The payment processing unit D23 of the payment system 1 receives the item relating to the card user number and the transaction details transmitted from the commercial transaction system 3, and then issues the issuance information database based on the received identification number as in the third embodiment. D12 is searched to find one card user number corresponding to the currently used order according to the order of use among a plurality of card user numbers given to the payment card of the user who has requested payment, and conducts business transactions. It is determined whether the card user number matches the card user number transmitted from the system (S65), and payment authentication is performed based on whether the two card user numbers match. The payment authentication process is performed in the same manner as in the third embodiment, and a detailed description thereof will be omitted.
[0201]
After reporting the result of approval by the settlement request, it records that the transaction has been performed once irrespective of the approval result of the number issuing unit D22 of the settlement system 1 or in the case of approval, corresponding to the card for which settlement was performed, and During the transaction, the card user number corresponding to the following order is used according to the set order.
[0202]
In the fourth embodiment according to the embodiment of the present invention, the procedure performed in the payment card 200 is performed in the same manner as in the third embodiment (see FIG. 18).
[0203]
Also in the fourth embodiment, the pseudo card user number can be sequentially decoded and displayed according to the use order only when the password matches the stored password every time the password is input. In this case, the password is doubled. It can be set to improve security.
[0204]
FIG. 20 shows another example of another payment card according to the fourth embodiment of the present invention. The payment card 300 shown in FIG. 20 has a general card form, and has a structure having a separate connector inserted into the data port 101 of the terminal 100.
[0205]
Here, the payment card 300 includes an ASIC chip 310 having a thickness of a general card, and a connector 320 for providing an interface between the terminal 100 and the payment card 300. Here, the ASIC chip 310 is a chip including the CPU, the EEPROM, and the clock unit.
[0206]
The payment card 300 having such a structure also operates so that the commercial transaction is settled in the same manner as the payment card 200 described in the fourth embodiment, and is different from the fourth embodiment. Alternatively, in order to provide an interface between the terminal 100 and the ASCI chip 310 using the connector 320, the connector 320 may be configured in a card format of a general standard, for example, an ISO7816 standard. Therefore, since the same form as a general credit card can be used and a magnetic stripe can be included, general card information recorded on a magnetic stripe by an ATM or a CD terminal at the time of offline payment is used. Can be read. The password generated by inserting the payment card 300 into the connector 320 at the data port 1010 of the terminal 100 is used to generate a password required by the ATM or CD terminal in the same manner as described in the first embodiment. be able to.
[0207]
Since the password used in a general ATM or CD terminal requires four digits, in the second example of the fourth embodiment, the operation of the terminal display unit differs from that of the first embodiment in two types of selection. It is preferable to have a mode. Here, the password used for the ATM or CD terminal can be obtained by using a specific four-digit number of the user number generated by using the user number generation algorithm that can be generated according to the present invention.
[0208]
FIG. 21 shows an example of a screen that can be displayed on the terminal display unit according to the second example of the fourth embodiment.
[0209]
FIG. 21A shows a screen on which the user selects which of a card user number and an ATM password required for online settlement is desired to be generated. FIGS. 21B and 21C are screens for inputting a password for decrypting the user number, and FIG. 21D is a screen for allowing the user to know the currently usable card user number. Shows a screen to be displayed. FIG. 21E shows a screen for displaying the currently usable card user number so that the user can recognize it.
[0210]
The card-type payment apparatus according to the second example of the fourth embodiment can also realize the function of a normal electronic money by utilizing the communication function of the wireless communication terminal. In other words, when the card-type payment device is inserted into the terminal through the connector, the wireless communication terminal having the Internet function can connect to a specific site that implements the electronic money service and seek the electronic money and charge the payment device. It is also possible to transfer the balance inquiry and balance to another person's mobile electronic commerce authentication / settlement device.
[0211]
In addition, as described above, the payment card according to the fourth embodiment of the present invention can be inserted into a side surface or a bottom surface of the wireless communication terminal in addition to the module type and the card type inserted into the data port of the wireless communication terminal. It can be configured in the form of a SIM card or in the form of a UIM (user identity module).
[0212]
On the other hand, in the above-described fourth embodiment, when a password is input, the card user number stored in the memory (EEPROM) of the payment card connected to the wireless communication terminal is read and processed and displayed on the display of the wireless communication terminal. However, when the payment card is connected to the wireless communication terminal, the card user number is generated by the payment card and stored in the memory of the wireless communication terminal, and then the password is displayed. It is also possible to display the card user number stored in the memory of the wireless communication terminal on the display unit without communicating with the payment card at the time of input.
[0213]
According to the fourth embodiment of the present invention, the payment device can use the terminal device for the keypad unit and the display unit required for the payment operation, and the module itself is more compact than the card. Therefore, the user can make payment more conveniently.
[0214]
In addition, the payment device may have a card form conforming to the ISO 7816 standard, and the terminal device may be used for a necessary keypad unit and a display unit through a magnetic stripe when performing a payment operation through an ATM or a CD terminal. Yes, the module itself is much smaller than the card. In addition, when authentication or payment is required, the user can insert the payment card into the wireless communication terminal and use it selectively.
[0215]
In the above-described embodiments of the present invention, it may be important that a VAN company or a PG company must secure and enforce a user number system that can be updated voluntarily. An example of a card user number system that can be used as a solution to this is shown in FIGS. 22a to 22m.
[0216]
Referring to FIG. 22A, the card user number system includes a field A that can include card company information, a field B that can include user information, and an individual for providing a variable number that can be assigned to a user. When scrambling the allocation field PP (Private Pool) and the PP field, it includes a field C indicating information on the allocation field, and FIGS. 22B to 22M illustrate a case where the field is scrambled.
[0219]
In such a case, the field B that can include user information corresponds to a kind of fixed field, the personal assignment field PP can be a variable field, and in some cases, a card company. Field A, which can contain information, can be omitted. Although not shown in FIGS. 22a to 22m, a check digit can be included to check whether the number is a valid number for the entire card number.
[0218]
Also, when using a password that is not built-in to decode the card user number from the pseudo card user number, the number corresponding to the personal assignment field PP or all of the fixed and variable fields are to be decoded. be able to.
[0219]
With this configuration, if a malicious third party knows the card user number with an arbitrary password and attempts electronic commerce or the like, it is possible to prevent the malicious third party from being damaged, In addition, since it becomes possible to know whether there was an illegal transaction attempt in connection with the card of the true cardholder, it is possible to immediately catch the single illegal attempt and stop the transaction, and the real cardholder Can be immediately informed of such facts.
[0220]
Further, by inserting a settlement range into such a card user number system, it is possible to prevent an arbitrarily high charge for settlement at a shopping mall or the like.
[0221]
For example, the card user number system is configured in the form of “pseudo user number + password + use amount range (or use amount) + check digit”, and the settlement request amount is set together with the card user number configured in this manner. If the payment is transmitted from a commercial transaction system such as a shopping mall, the payment system compares the payment amount requested by the transaction system with the usage amount range or usage amount included in the received card user number, and determines the payment request amount. Final settlement approval only when is within the usage amount range or usage amount.
[0222]
This can prevent the commercial transaction system from requesting a payment amount higher than the actual payment amount and trying to obtain an illegal gain.
[0223]
If a method such as the structure described in the above embodiment is used, a card number system having excellent expandability and security by adjusting the size of the entire field can be used in the present invention. When used with an authentication / settlement card that can update a user number according to the present invention, the problems of the prior art can be fundamentally solved as described above.
[0224]
In the above-described embodiment, when the card user number displayed on the payment card of the present invention is to be used at a terminal connected to the communication network, a direct payment and a prepaid method other than a credit card are used as payment means. Can be used. That is, a desired settlement means can be selectively used depending on the situation among the cards held by the user. For example, if the payment amount is relatively small or you do not have a credit card, you can use your own direct payment or prepaid account, and if the transaction amount is large, use the postpay concept. You can choose a credit card.
[0225]
When the direct payment method is selected, the payment system according to the embodiment of the present invention receives the details of the card user number transmitted from the commercial transaction system and the details of the transaction, and the received card user number is a valid card user number. If it is confirmed, the user checks the direct payment account number of the user stored in association with the card user number, and then requests the corresponding bank to transfer the withdrawal. Accordingly, when the bank transmits the withdrawal result to the payment system, the payment system transmits the result to the commercial transaction system again to provide the customer with goods or services if the transaction is valid, and thereafter, the commercial transaction system Receives payment from the payment system.
[0226]
On the other hand, when trying to use the prepaid method for small payment, first, the corresponding account of the payment system is filled with the prepaid amount. Specifically, if the user connects to the bank where his or her account is connected via Internet banking and requests funds transfer as a payment system, the relevant bank transfers funds using the payment system and simultaneously notifies the user of the fact of fund transfer. In addition, the settlement system also transmits the remittance breakdown confirmation from the bank to the corresponding user.
[0227]
In this way, when purchasing goods or services in a prepaid system in which the corresponding account of the payment system is filled with a certain amount, items related to the card user number and transaction breakdown from the commercial transaction system according to the purchase of the user described above. Is transmitted, the payment system according to the embodiment of the present invention checks whether the transmitted card user number is a valid card user number. If the transmitted card user number is a valid card user number, If the account corresponding to the card user number has sufficient funds to be settled, the commerce system responds with the approval / disapproval and sends the authentication number, and the commerce system provides the goods or service to the user. To do.
[0228]
As described above, since the payment card according to the embodiment of the present invention can be used as a credit card, a direct payment card, a prepaid card, and the like in the same manner as described above, the user does not need to carry each corresponding card separately. In addition, the mobile phone is simple, and the youth without credit card can use the direct payment account or the prepaid account for electronic commerce.
[0229]
In addition, since there is no need to enter any separate credit information or authentication information at the time of electronic payment or user authentication, the user is more free from hacking. Since the information is transmitted to the card company through the payment system without passing through the mall site at all, the illegal leakage of customer information from the shopping mall site is basically blocked, and anonymity is guaranteed.
[0230]
In addition to this, the settlement fee may be added to the usage fee of the mobile phone held by the user. In general e-commerce, a customer, a service provider (CP), and a payment institution corresponding to a payment means participate, but in the case of payment according to the present invention, according to a user, a service provider (CP), and a payment means. Since the settlement system according to the embodiment of the present invention exists in addition to the settlement institution, if the information on the user's mobile phone is stored in the settlement system (the information on the user's mobile phone from the wireless communication network operator). Or the system is operated by a wireless communication network operator), and the settlement fee can be included in the user's mobile phone bill. FIG. 23 is a schematic illustration of a case where a payment is charged at a mobile phone charge.
[0231]
For example, as shown in FIG. 23, if a user obtains a card user number from a payment card and provides the card user number to the transaction system, the transaction system provides the card user number to the payment system and requests payment. I do. The payment system performs authentication based on the provided card user number as in the above-described embodiment, and if the card is confirmed to be a valid card user number, the mobile communication corresponding to the corresponding card user number. The mobile phone is provided to the mobile communication service provider to inquire whether the mobile phone can be used. If the mobile communication service can use the corresponding mobile communication phone number, the approval result is reported to the commercial transaction system and the service is provided to the corresponding user. And provide goods. Thereafter, the payment system bills for the services and goods provided for the communication charges of the corresponding mobile communication telephone number. Therefore, the user can settle for the commercial transaction with the mobile phone fee.
[0232]
In the first and fourth embodiments described above, the card user number is updated each time a purchase is made. However, the transaction password can be updated differently.
[0233]
If it is necessary to enter a transaction password for user confirmation during e-commerce or general transactions, the transaction system generates a new transaction password instead of the card user number and sets it on the payment card, as in the embodiment described above. It is possible to maintain the security of the transaction by transmitting or displaying a plurality of transaction passwords that are used sequentially according to the set order on the payment card or are generated and displayed each time a transaction is made. it can.
[0234]
In this case, since the transaction password is composed of a combination of numbers relatively smaller than the card user number, it is easy to recognize and input the user, and all the different user numbers are fixed for each user. Therefore, even if transactions in which the same password is input occur simultaneously, congestion does not occur. In particular, if the use of a password is obligated in e-commerce and general transactions using a credit card, such a method of updating the transaction password may be a very effective security measure.
[0235]
In addition, the present invention can be applied to a user ID and a password used for user authentication when connecting a system or a specific device through a general Internet connection or a communication network.
[0236]
FIG. 24 is a schematic and conceptual diagram illustrating a service provided using a payment / authentication card based on the above concept.
[0237]
Here, unlike the above-described first to fourth embodiments, a settlement card is used as an authentication card for user authentication. In this case, the user ID or password is the same as the card user number of the above-described embodiment. Is changed as follows. For example, the user ID can be updated every time a password is used in a fixed state, or the user can update and use all of the ID and password for authentication. By inputting the user ID or password that is changed each time and connecting the user to the system or the apparatus, the security related to the user authentication problem can be significantly improved.
[0238]
As shown in FIG. 24, when a user intends to make a bank transaction (internet banking) using the Internet, the authentication card according to the embodiment of the present invention is used in the same manner as in the first to fourth embodiments. A user number that can identify the service user is generated, and if the user inputs the generated user number at the time of authentication request, the authentication server in the corresponding bank receives the user number through a network such as the Internet, The authentication server compares the received user number with the unique ID and password of the service available member stored in the DB.
[0239]
If the comparison result indicates that the user is a valid service applicant, the service is provided.If the comparison result indicates that the user is not a valid service applicant, the network to which the user number is transmitted. Report the result through the route.
[0240]
On the other hand, when the authentication is performed by a separate certification organization other than the authentication server in the bank, a user number that can identify the service user is generated from the authentication card according to the embodiment of the present invention in the same manner as described above. If the user enters the generated user number at the time of the authentication request, the authentication server in the bank (which may be a service provider requesting authentication to provide a specific service without being limited to this) may be provided. A user ID is provided to a separate certification body through a network such as the Internet to request authentication, and the user number received from the certification server of the certification body is thereby stored in a DB. And password.
[0241]
As a result of the comparison, if it is determined that the user is a legitimate service applicant, the unique ID and password of the compared service-usable member are transmitted to the authentication server of the bank to notify that the user has been authenticated. If it is determined that the user is not a valid service applicant, the result is reported together with the user number. Such an authentication method may be performed by inputting a user number when connecting to a specific site for authentication, or by inputting a user number when performing a specific transaction.
[0242]
As described above, the payment card according to the embodiment of the present invention can be used as an authentication card in the same manner as in the above-described first to fourth embodiments, and the means for using as the authentication card is the above-mentioned first to fourth embodiments. It is obvious that the configuration is the same as that of the fourth embodiment.
[0243]
It is obvious that the payment / authentication card in which the user number is updated according to the present invention can be realized including all cards related to payment, such as a securities transaction card, a bank cash card, and a card that can be settled when using transportation. is there.
[0244]
In addition, the payment / authentication card according to the present invention provides the card user number and at the same time, information related to each card operator or other information that can be provided to the card user (for example, securities information, weather, sports competition status, entertainment information, It goes without saying that information such as horse racing information) can be provided together.
[0245]
As described above, those skilled in the art to which the present invention pertains can understand that the present invention can be embodied in other specific forms without changing its technical idea and essential characteristics. Accordingly, it is to be understood that the above-described embodiments are illustrative in all aspects, and not limiting.
[0246]
The scope of the present invention is defined by the appended claims rather than the foregoing detailed description, and all changes or modifications derived from the meaning and scope of the claims and equivalents thereof are defined by the scope of the present invention. Must be interpreted as being included in
[0247]
【The invention's effect】
As described above, the present invention provides a card and a card service system and method for automatically updating a user number after a transaction, so as to fundamentally solve personal credit information exposure. .
[0248]
According to the present invention, a different card user number can be used at the next authentication / transaction, so that the card user can be used even if the card user number is obtained in an unauthorized manner. The effect that can be protected is obtained.
[0249]
In addition to being able to immediately report the authentication / payment status, as well as providing information on the current payment limit, etc., it is possible to use the card more smoothly, and immediately capture even one illegal attempt The transaction can then be aborted and the true cardholder can be immediately informed of such facts, thus preventing additional losses.
[0250]
As described above, in the case of using a card whose user number can be updated according to the present invention, in addition to the advantage that the card can be used safely by updating the user number, in the above, those skilled in the art As everyone can understand from the abbreviations, it has the advantage that all authentication / payment related cards, such as general credit card, bank card, securities card, department store card, gas station card, etc. can be integrated with one card.
[Brief description of the drawings]
FIG. 1 is a diagram illustrating a purchase process of an online shopping mall using SET (Secure Electronic Transaction).
FIG. 2 is an exemplary view illustrating a case where electronic commerce through the Internet is hacked.
FIG. 3 is a view showing an example of a card user number system used by an existing card company.
FIG. 4 is a schematic and exemplary conceptual diagram of a service provided using a payment / authentication card according to the present invention;
FIG. 5 is a view illustrating a structure of a payment system using a payment / authentication card according to an embodiment of the present invention.
FIG. 6 is a diagram illustrating a structure of a payment card realized in a form of a reception-only terminal according to a first embodiment of the present invention;
FIG. 7 is an exemplary diagram showing an outer shape of the receiving-only payment card shown in FIG. 6;
FIG. 8 is a view illustrating a sequential flow of a payment method using a payment card according to a first embodiment of the present invention.
FIG. 9 is a view sequentially illustrating a payment card driving procedure according to a first embodiment of the present invention.
FIG. 10 is a view illustrating an example of a screen according to an operation of the display unit of the receiving-only payment card according to the first embodiment of the present invention.
FIG. 11 is a conceptual diagram illustrating a case where a payment service is provided using a payment card capable of transmission and reception according to a second embodiment of the present invention.
FIG. 12A and
FIG. 12B is a view sequentially illustrating a flow of a payment method using a payment card capable of transmission and reception according to a second embodiment of the present invention.
FIG. 13A and
FIG. 13B is a conceptual diagram illustrating a service provided using a payment card according to a third embodiment of the present invention;
FIG. 14 illustrates a structure of a payment system using a payment card according to a third embodiment of the present invention.
FIG. 15 is a view illustrating a structure of a payment card according to a third embodiment of the present invention.
FIG. 16 is a view illustrating a sequential flow of a payment method using a payment card according to a third embodiment of the present invention.
FIG. 17 is a view sequentially illustrating a payment card driving procedure according to a third embodiment of the present invention.
FIG. 18 is a view illustrating an example of a screen according to an operation of a display unit of a payment card according to a third embodiment of the present invention.
FIG. 19 shows a structure of a payment card according to a fourth embodiment of the present invention.
FIG. 20 shows another example of another payment card according to the fourth embodiment of the present invention.
FIG. 21 illustrates an example of a screen that can be displayed on a terminal display unit according to a second example of the fourth embodiment of the present invention.
FIG. 22A to FIG.
FIG. 22M is an example showing a user number system usable for a card whose user number is updated according to an embodiment of the present invention.
FIG. 23 is a schematic view illustrating a case where a payment is charged for a mobile phone charge according to an embodiment of the present invention.
FIG. 24 is a schematic and exemplary conceptual diagram illustrating a case where a payment card according to an embodiment of the present invention functions as an authentication card.
[Explanation of symbols]
1 settlement system
2 Buyer terminal
3 Commerce system
4 Payment card
5 Authentication system
41 RF receiver
42 Frequency adjuster
43 signal processing unit
44 Memory section
45 speakers
46 Drive
47 Display
48 Operation switch section
100 wireless communication terminal
101 Data port
102 keypad
103 Display
200 payment card
202 Individual PC
204 server
206 Third party
212 CPU
214 EEPROM
216 Clock section
218 Interface section
300 payment card
302 reference number
306 Reference number
308 Reference Number
310 Reference Number
312 Reference number
314 reference number
320 Connector
411 RF receiver
412 Amplifier
413 Information extraction processing unit
421 Voltage Controlled Oscillator
422 PLL processing unit
431 decoder
432 control unit
442 ram
443 Other memory
920 user
D1 database module
D2 processing equipment
D11 Member information database
D12 Issuance information database
D13 Payment information database
D21 Member Management Department
D22 Number Issuer
D23 Settlement processing unit
D24 Information transmission unit
M1, M2 network
k1 number key
k2, k3 arrow keys
k4 key

Claims (37)

Payment of a payment system including a database connected to a buyer's payment card and a seller's commerce system through a network, and storing a card user number corresponding to a plurality of card numbers usable for each buyer. In the method,
If a card user number is received from the commerce system, searching the database to find a corresponding card number;
Determining whether to approve the transaction for the card number;
Reporting a transaction approval to the commerce system when a transaction approval for the card number is determined;
The card user number associated with the card number is changed to a new number and transmitted to the buyer's payment card so that the card user number of the payment card is updated, and the card user number associated with the card number is updated. Updating the card user number stored in the database to the changed card user number. A payment system that is connected to a buyer's payment card and a seller's commerce system through a network and includes a database in which card user numbers and passwords are stored in association with a plurality of card numbers that can be used for each buyer. In the settlement method of
If a password is entered through a network, searching the database to find a corresponding card user number;
Transmitting the card user number to the payment card;
If a card user number is received from the commercial transaction system that has confirmed the card user number of the payment card, searching the database to find a corresponding card number;
Determining whether to approve the transaction for the card number;
If the transaction approval for the card number is determined, reporting the transaction approval to the commercial transaction system;
Changing the card user number associated with the card number to a new number, and updating the card user number in the database associated with the card number with the changed card user number And a settlement method including: The payment card stores a card user number received from the payment system,
The method according to claim 1, further comprising displaying a card user number based on a password input to the payment card. The step of determining whether to approve the transaction with respect to the card number includes authorizing the transaction only when the card user number received from the commercial transaction system matches the card user number transmitted to the payment card. The settlement method according to claim 1 or 2, wherein the settlement is performed. The method according to claim 1, wherein, in the transmitting the card user number, the card user number is encrypted and transmitted to a purchaser's payment card. In the payment card, the encrypted card user number received from the payment system is stored corresponding to each card,
The payment card may further include, if one card is selected, decrypting and displaying the encrypted card user number according to a decryption rule set based on the input number. The settlement method according to claim 5. A settlement system that is connected to the merchant's commerce system via a network, stores a card number that can be used for each buyer, and stores a plurality of card user numbers associated with each card number and stored. In the settlement method of
If the identification number and the card user number are received from the commercial transaction system, searching the database to find a corresponding card number;
Determining whether to approve the transaction for the card number;
If a transaction approval for the card number is determined, reporting the transaction approval to the commerce system.
When the card user number transmitted from the commercial transaction system matches the card user number corresponding to the order currently used, a card number corresponding to the card user number is searched for. Payment Method. The transaction system transmits the card user number confirmed from the payment card to the payment system, and the payment card storing the plurality of encrypted card user numbers is currently used based on the entered password. 8. The settlement method according to claim 7, wherein the encrypted card user number corresponding to the order is decrypted and the card user number is displayed. A payment method for a payment system including a database in which a card user-specific information is stored for each of a plurality of card numbers usable for each buyer and connected to a merchant transaction system through a network,
If a card user number is received from the commercial transaction system, processing the card user number to generate corresponding card user specific information;
Searching the database based on the generated card user-specific information to determine a corresponding card number;
Determining whether to approve the transaction for the card number;
Reporting a transaction approval to the commercial transaction system when the transaction approval for the card number is determined. The transaction system checks a card user number from a stored payment card in which card user-specific information is associated with each available card number and transmits the card user number to the payment system.
The payment card, if one card is selected, encrypts the card user unique information based on the inputted password, generates and displays the card user number,
The method according to claim 9, wherein the generating step decodes the card user number received from the commercial transaction system to generate corresponding card user specific information. The settlement method according to claim 9, wherein the card user specific information is a previously generated card user number or a transaction count. The card user number includes a user number and a usage amount indicating a payable amount,
The determining of the transaction approval may include performing the transaction approval only when the transaction approval amount requested by the commercial transaction system is equal to or less than the usage amount included in the received card user number. Item 10. The settlement method according to item 7 or 9. An input unit,
A memory storing a plurality of encryption card user numbers,
Each time a password is input from the input unit, one encrypted card user number is sequentially read from the memory according to a set order, and then the read card user number is decrypted based on the input password. A processing unit to be
A display unit for displaying the decryption card user number. A payment card connectable to a wireless communication terminal including a display unit and an input unit,
A memory storing a plurality of encryption card user numbers,
Each time a password is input from the input unit of the wireless communication terminal, one encrypted card user number is sequentially read from the memory in accordance with the set order, and then the card read based on the input password is used. And a processing unit for decrypting the user number and providing the decrypted card user number to the wireless communication terminal so as to be displayed on a display unit. A payment card connectable to a wireless communication terminal including a display unit and an input unit,
A memory in which card user-specific information is stored;
After reading the card user specific information from the memory every time a password is input from the input unit, generate a card user number by processing based on the input password, and generate the generated card user number. A processing unit for providing a number to the wireless communication terminal so as to be displayed on a display unit. An input part for inputting a password,
A transmitting unit for requesting a card user number while transmitting the password through a network;
A receiving unit that receives an encryption card user number transmitted in response to a password transmitted through a network;
A memory for storing the received encrypted card user number;
A processing unit for decrypting the encrypted card user number received and stored corresponding to the password into a usable card user number,
A display unit for displaying a decryption card user number in the processing unit. The processing unit decrypts an encryption card user number associated with the transmitted password when the password input through the input unit matches the transmitted password. The payment card according to any one of claims 13 to 16. 17. The payment card according to claim 13, wherein the card user number is used as an authentication number for user authentication. The payment card according to claim 14, further comprising an interface unit for communicating with a data port of the wireless communication terminal. 16. The payment card according to claim 14, wherein the payment card is connected to a data port of the wireless communication terminal through a connector to communicate data. An input unit,
A memory in which card user-specific information is stored;
After reading the card user specific information from the memory every time a password is input from the input unit, a processing unit that generates a card user number by processing based on the input password,
A display unit for displaying the generated card user number. An input unit,
A receiving unit for receiving an encryption card user number,
A memory for storing the encryption card user number;
A processing unit that decrypts an encrypted card user number stored in the memory based on a password input from the input unit;
A display unit for displaying a decryption card user number in the processing unit. The payment card according to any one of claims 21 to 22, wherein the card user number is used as an authentication number for user authentication. In a payment system that performs payment processing by being connected to a buyer's payment card and a seller's commerce system through a network,
A database in which card user numbers are stored in association with a plurality of card numbers that can be used for each buyer,
When the card user number is transmitted from the commercial transaction system, the database is searched to find a card number corresponding to the transmitted card user number, and a payment process is performed. A processing device for changing the user number to a new card user number, updating the card user number in the database to the changed card user number, and transmitting the updated card user number to the payment card. In a payment system that performs payment processing by being connected to a buyer's payment card and a seller's commerce system through a network,
A database in which card user numbers are stored in association with a plurality of card numbers that can be used for each buyer,
If there is a card user number transmission request from the payment card, the database is searched to transmit a card user number corresponding to the card to the payment card, and if the card user number is transmitted from the commercial transaction system, It is determined whether or not the card user number transmitted to the payment card matches, and if the card user number matches, the payment processing is performed, and the card user number associated with the card number is changed to a new number. And updating the card user number in the database associated with the card number with the changed card user number. In the settlement system that performs settlement processing by being connected to the merchant transaction system of the seller through the network,
A database in which a plurality of card user numbers are stored in association with card numbers that can be used for each buyer,
The card user number is received from the commercial transaction system, the card user number is read from the database to determine whether or not the card user number matches, and if the card user number matches, a card number corresponding to the card user number is searched for. And a processing device for performing settlement processing by
The processing device may sequentially read one of the plurality of card user numbers stored in the database according to a setting order and compare the card user number with the card user number transmitted from the commercial transaction system. Characteristic settlement system. In the settlement system that performs settlement processing by being connected to the merchant transaction system of the seller through the network,
A database that stores card user-specific information corresponding to a plurality of card numbers that can be used for each buyer,
When the card user number is received from the commercial transaction system, the card user number is processed to generate card user unique information, and the database is searched and responded based on the generated card user unique information. And a processing device for performing a payment process by searching for a card number to be processed. 26. The payment system according to claim 24, wherein the processing device encrypts a card user number corresponding to the card and transmits the encrypted card user number to the payment card. 28. The settlement system according to claim 24, wherein the card number associated with the card user number is a credit card number. In an authentication method of a system for authenticating a service user using a database in which a user number is associated and stored for each service user,
Receiving a user number generated from the authentication card through a network;
Comparing the received user number with the user number stored in the database;
If the received user number matches the user number stored in the database, providing the service by determining that the user is a legitimate service user;
If the received user number does not match the user number stored in the database, it is determined that the user is not a legitimate service user, and the user number is determined through the network path through which the user number was transmitted. Reporting the result;
After providing the information or reporting the result, the user number corresponding to the service user is changed to a new number and transmitted to an authentication card so that the user number of the authentication card is updated, and Updating the user number of the database associated with the user with the changed user number. An authentication method of a system for authenticating a service user using a database in which a plurality of user numbers are associated and stored for each service user,
Receiving a user number generated from the authentication card through a network;
Selecting a user number corresponding to the currently used order among the plurality of user numbers stored in the database and comparing the selected user number with the received user number;
If the received user number matches the user number stored in the database, providing the service by determining that the user is a legitimate service user;
If the received user number does not match the user number stored in the database, it is determined that the user is not a legitimate service user, and the user number is determined through the network path through which the user number was transmitted. Reporting the result. When the user number is received from a service provider through a network,
If the received user number matches the user number stored in the database, the user number and the ID and password of a service available user are provided to the service provider to be authenticated. Reporting,
If the received user number does not match the user number stored in the database, it is determined that the user is not a legal service user, and the service provider is determined along with the user number. 32. The authentication method according to claim 30, further comprising the step of: The user number transmitted through the network includes a unique field and a password for identifying a member so as to authenticate a user who can use the service, and the unique field or / and the password are variable. The authentication method according to claim 30, wherein the authentication is performed. An authentication method of a system for authenticating a service user using a database in which user-specific information is stored for each service user,
Receiving a user number generated from the authentication card through a network;
Processing the received user number to generate corresponding user-specific information;
Searching the database based on the generated user-specific information; and determining that the user is an appropriate service user if the generated user-specific information is stored in the database. Providing the service;
If the generated user-specific information is not stored in the database, it is determined that the user is not a legitimate service user, and the result of the determination is reported through the network path through which the user number is transmitted. Authentication method including steps. The authentication card encrypts user-specific information based on the input password, generates and displays a card user number,
35. The authentication method according to claim 34, wherein in the generating step, the received user number is decoded to generate corresponding user-specific information. In a system for authenticating a user number transmitted through a network and providing a service to the user,
A database in which user numbers are associated and stored for each service user,
If the user number is transmitted through the network, it is determined whether the user number matches the user number stored in the database. If the user number is transmitted, the service is provided, and the user number is stored in the database. An authentication system including a processing device for performing a change process. The user number transmitted through the network includes a unique field and a password that can identify the member who can use the service so that the member can be authenticated.
The authentication system according to claim 36, wherein the processing device changes the unique field and / or the password.

Images